Releasing an iOS app using encryption: first time

Today I submitted a new app to the iTunes AppStore. As I got to the end of the registration process I realised, to my horror, that final question about “Does your app use encryption?”, which I always click “No” for was in fact “Yes” this time.

I’ve been passively following the farce regarding export of cryptographic software from the United States – despite the fact that the forbidden software is already available to basically the entire planet – but never actually been directly affected by it, until now. Illogically I just assumed by default that because I’ve never had any interest in writing cryptographic software, and my company is Canadian, this wouldn’t apply.

A bit of googling around was not as reassuring as one might hope. Apparently, it is possible to certify an application for export of cryptography in a mere eight easy steps which could take as little as a month to complete, if nothing goes wrong. All as penance for the sin of needing to access a website with an https:// prefix.

A bit more digging around revealed that in fact the process has been simplified significantly. The instructions in this link are immensely helpful, and in fact I had an “ERN” (export registration number) within an hour. Some of the steps claim that they could take as long as a week.

So now this new mystery app is sitting in the AppStore queue, waiting for “Export Compliance”, rather than usual “Review” bottleneck. If all goes well, there should be a followup blog post revealing the app itself!

3 thoughts on “Releasing an iOS app using encryption: first time

  1. I’m in the same situation. I got the ERN within a few hours, printed the final result to a PDF, and then uploaded that PDF to iTunes Connect, which then allowed me to upload the binary. But when uploading the binary, I didn’t use the Application Loader – instead, I submitted the binary directly from Xcode and everything seems to have gone OK – other than the status now being “Waiting for Export Compliance”. Did you have to contact Apple to do anything, or did it just progress through to the next stage?

    Here’s hoping the rest of the process went smoothly for you?

    Reply

  2. Are one also required to submit annual reports to the Department of Commerce?

    “You are required to submit
    an annual self-classification report (Supplement 8 to Part 742) for these products
    pursuant to the requirements in Section 742.15(c) of the EAR.”

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s